NIST 800-63B

Summary

NIST Special Publication 800-63B is a digital identity guideline that provides recommendations on types of authentication processes that may be used at various Authenticator Assurance Levels (AALs). It applies to the digital authentication of subjects to systems over a network. The version used for this section is NIST 800-63B.

Definitions

Definition	Requirements
5_1_1_2. Memorized secret verifiers	127. Store hashed passwords 132. Passphrases with at least 4 words 134. Store passwords with salt 135. Passwords with random salt 139. Set minimum OTP length 332. Prevent the use of breached passwords 333. Store salt values separately 334. Avoid knowledge-based authentication
5_1_3_2. Out-of-band verifiers	335. Define out of band token lifespan
5_1_4_2. Single-factor OTP verifiers	140. Define OTP lifespan
5_2_3. Use of biometrics	231. Implement a biometric verification component
5_2_5. Verifier impersonation resistance	088. Request client certificates
5_2_8. Replay resistance	030. Avoid object reutilization
6_1_1. Binding at enrollment	136. Force temporary password change 137. Change temporary passwords of third parties 367. Proper generation of temporary passwords
7_1. Session bindings	025. Manage concurrent sessions 028. Allow users to log out 030. Avoid object reutilization 031. Discard user session data 329. Keep client-side storage without sensitive data
7_1_1. Browser cookies	029. Cookies with security attributes

free trial

Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.